Prepare for the future: The de-perimeterised “road-warrior”
Paul Simmonds, ICI Plc. & Jericho Forum Board


1 Prepare for the future: The de-perimeterised “road-warrior”
Paul Simmonds, ICI Plc. & Jericho Forum Board

2 Requirements
[Diagram labels: Wi-Fi, Ethernet, 3G/GSM/GPRS; Wi-Fi / 3G, GSM/GPRS; Voice over IP, Mobile e-Mail, Location & Presence; Web Access, E-mail / Calendar, Voice over IP, Corporate Apps]

3 Requirements – Hand-held Device
• VoIP over Wireless
  – Integrated into Corporate phone box / exchange with calls routed to wherever in the world
• Mobile e-Mail & Calendar
  – Reduced functionality synchronised with laptop, phone and corporate server
• Presence & Location
  – Defines whether on-line and available, and the global location
• Usability
  – Functions & security corporately set based on risk and policy.

4 Requirements – Laptop Device
• Web Access
  – Secure, “clean”, filtered and logged web access irrespective of location
• e-Mail and Calendar
  – Full function device
• Voice over IP
  – Full feature set with “desk” type phone emulation
• Access to Corporate applications
  – Either via Web, or Clients on PC
• Usability
  – Functions & security corporately set based on risk and policy
  – Self defending and/or immune
  – Capable of security / trust level being interrogated

5 Corporate Access – The Issues
• Corporate users accessing corporate resources typically need;
  – Access to corporate e-mail (pre-cleaned)
  – Access to calendaring
  – Access to corporate applications (client / server)
  – Access to corporate applications (web based)

6 Putting it all together – Corporate Access
[Diagram labels: Internet; Mailserver; https; Access to Corporate Apps; E-mail / Calendar secure protocol; Secure App Protocol; AppServer; Web Delivered Application; Corporate Perimeter / QoS Boundary]

7 Web Access – The Issues *
• Single Corporate Access Policy
  – Regardless of location
  – Regardless of connectivity method
  – With multiple egress methods
• Need to protect all web access from malicious content
  – Mobile users especially at risk
* This will be the subject of a future Jericho Position Paper

8 Putting it all together – Web Access
[Diagram labels: Internet Filtering & Reporting Service; Corporate Perimeter / QoS Boundary; Proxy Server; Safe; Unsafe; Web Server; Proxy Chain; Internet; Safe]

9 Voice / Mobile Access – The Issues
• Mobile / Voice devices require;
  – Connection of any VoIP device to the corporate exchange
  – Single phone number finds you on whichever device you have logged in on (potentially multiple devices)
  – No extra devices or appliances to manage
  – Device / supplier agnostic secure connectivity

10 Putting it all together – VoIP Access
[Diagram labels: VoIP Server; Corporate Perimeter / QoS Boundary; Authentication System; Internet; Soft-phone; sVoIP; Imbedded; Home Office]

11 Issues – Trust
• NAC generally relies on a connection
  – Protocols do not make a connection in the same way as a device
• Trust is variable
  – Trust has a temporal component
  – Trust has a user integrity (integrity strength)
  – Trust has a system integrity
• Two approaches;
  – Truly secure sandbox (system mistrust)
  – System integrity checking

12 Putting it all together – System Trust
[Diagram labels: Internet; System Trust Broker Service; Corporate Perimeter / QoS Boundary; AppServer Sandbox AppServer; Secure App Protocol; Query Integrity Module; Integrity Query]

13 An inherently secure system
• When the only protocols that the system can communicate with are inherently secure;
  – The system can “black-hole” all other protocols
  – The system does not need a personal firewall
  – The system is less prone to malicious code
  – Operating system patches become less urgent

14 An inherently secure corporation
• When a corporate retains a WAN for QoS purposes;
  – WAN routers only accept inherently secure protocols
  – The WAN automatically “black-holes” all other protocols
  – Every site can have an Internet connection as well as a WAN connection for backup
  – Non-WAN traffic automatically routes to the Internet
  – The corporate “touchpoints” now extend to every site thus reducing the possibility for DOS or DDOS attack.
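
The routing rule on slides 13 and 14, sketched as an added Python example that is not part of the original presentation. The protocol labels, the corporate prefix 198.51.100.0/24, the sample flows and the function names are assumptions made for illustration.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: labels borrowed from the slide diagrams (https, secure mail,
# Secure App Protocol, sVoIP); a real router would match on ports/handshakes.
INHERENTLY_SECURE = {"https", "secure-mail", "secure-app", "svoip"}

# Assumption: constructed corporate site prefix (documentation range).
CORPORATE_NETS = [ip_network("198.51.100.0/24")]


def route(dst, protocol, wan_up=True):
    """Return 'wan', 'internet' or 'blackhole' for one outbound flow."""
    if protocol not in INHERENTLY_SECURE:
        return "blackhole"  # slides 13/14: every other protocol is dropped
    to_corporate = any(ip_address(dst) in net for net in CORPORATE_NETS)
    if to_corporate and wan_up:
        return "wan"  # WAN retained for QoS
    # Non-WAN traffic, or corporate traffic using the site's Internet
    # link as backup; acceptable only because the protocol itself is secure.
    return "internet"


def summarise(flows, wan_up=True):
    """Count routing outcomes for (dst, protocol) pairs."""
    return Counter(route(dst, proto, wan_up) for dst, proto in flows)


# Constructed sample flows, not taken from the presentation.
SAMPLE_FLOWS = [
    ("198.51.100.10", "https"),
    ("198.51.100.25", "svoip"),
    ("203.0.113.7", "https"),
    ("198.51.100.10", "smb"),
    ("203.0.113.7", "telnet"),
]

if __name__ == "__main__":
    for wan_up in (True, False):
        label = "WAN up" if wan_up else "WAN down"
        print(label, dict(summarise(SAMPLE_FLOWS, wan_up)))
```

With the WAN down, the two corporate flows move to the Internet link while the two insecure flows are still dropped, which is the backup behaviour slide 14 describes.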

15 Paper available soon from the Jericho Forum
• The Jericho Forum Position Paper “Internet Filtering and reporting” is currently being completed by Jericho Forum members
http://www.jerichoforum.org

